schleuder 4.0.2 → 5.0.0

data/lib/schleuder/mail/gpg/gpgme_helper.rb

@@ -0,0 +1,155 @@
+require 'schleuder/mail/gpg/gpgme_ext'
+
+# GPGME methods for encryption/decryption/signing
+module Mail
+  module Gpg
+    class GpgmeHelper
+
+      def self.encrypt(plain, options = {})
+        options = options.merge({armor: true})
+
+        plain_data  = GPGME::Data.new(plain)
+        cipher_data = GPGME::Data.new(options[:output])
+
+        recipient_keys = keys_for_data options[:recipients], options.delete(:keys)
+
+        if recipient_keys.empty?
+          raise MissingKeysError.new('No keys to encrypt to!')
+        end
+
+        flags = 0
+        flags |= GPGME::ENCRYPT_ALWAYS_TRUST if options[:always_trust]
+
+        GPGME::Ctx.new(options) do |ctx|
+          begin
+            if options[:sign]
+              if options[:signers] && options[:signers].size > 0
+                signers = GPGME::Key.find(:secret, options[:signers], :sign)
+                ctx.add_signer(*signers)
+              end
+              ctx.encrypt_sign(recipient_keys, plain_data, cipher_data, flags)
+            else
+              ctx.encrypt(recipient_keys, plain_data, cipher_data, flags)
+            end
+          rescue GPGME::Error::UnusablePublicKey => exc
+            exc.keys = ctx.encrypt_result.invalid_recipients
+            raise exc
+          rescue GPGME::Error::UnusableSecretKey => exc
+            exc.keys = ctx.sign_result.invalid_signers
+            raise exc
+          end
+        end
+
+        cipher_data.seek(0)
+        cipher_data
+      end
+
+      def self.decrypt(cipher, options = {})
+        cipher_data = GPGME::Data.new(cipher)
+        plain_data  = GPGME::Data.new(options[:output])
+
+        GPGME::Ctx.new(options) do |ctx|
+          begin
+            if options[:verify]
+              ctx.decrypt_verify(cipher_data, plain_data)
+              plain_data.verify_result = ctx.verify_result
+            else
+              ctx.decrypt(cipher_data, plain_data)
+            end
+          rescue GPGME::Error::UnsupportedAlgorithm => exc
+            exc.algorithm = ctx.decrypt_result.unsupported_algorithm
+            raise exc
+          rescue GPGME::Error::WrongKeyUsage => exc
+            exc.key_usage = ctx.decrypt_result.wrong_key_usage
+            raise exc
+          end
+        end
+
+        plain_data.seek(0)
+        plain_data
+      end
+
+      def self.sign(plain, options = {})
+        options.merge!({
+          armor: true,
+          signer: options.delete(:sign_as),
+          mode: GPGME::SIG_MODE_DETACH
+        })
+        crypto = GPGME::Crypto.new
+        crypto.sign GPGME::Data.new(plain), options
+      end
+
+      # returns [success(bool), VerifyResult(from gpgme)]
+      # success will be true when there is at least one sig and no invalid sig
+      def self.sign_verify(plain, signature, options = {})
+        signed_data = GPGME::Data.new(plain)
+        signature = GPGME::Data.new(signature)
+
+        success = verify_result = nil
+        GPGME::Ctx.new(options) do |ctx|
+          ctx.verify signature, signed_data, nil
+          verify_result = ctx.verify_result
+          signatures = verify_result.signatures
+          success = signatures &&
+            signatures.size > 0 &&
+            signatures.detect{|s| !s.valid? }.nil?
+        end
+        return [success, verify_result]
+      end
+
+      def self.inline_verify(signed_text, options = {})
+        signed_data = GPGME::Data.new(signed_text)
+        success = verify_result = nil
+        GPGME::Ctx.new(options) do |ctx|
+          ctx.verify signed_data, nil
+          verify_result = ctx.verify_result
+          signatures = verify_result.signatures
+          success = signatures &&
+            signatures.size > 0 &&
+            signatures.detect{|s| !s.valid? }.nil?
+        end
+        return [success, verify_result]
+      end
+
+      # normalizes the list of recipients' emails, key ids and key data to a
+      # list of Key objects
+      #
+      # if key_data is given, _only_ key material from there is used,
+      # and eventually already imported keys in the keychain are ignored.
+      def self.keys_for_data(emails_or_shas_or_keys, key_data = nil)
+        if key_data
+          # in this case, emails_or_shas_or_keys is supposed to be the list of
+          # recipients, and key_data the key material to be used.
+          # We now map these to whatever we find in key_data for each of these
+          # addresses.
+          [emails_or_shas_or_keys].flatten.map do |r|
+            k = key_data[r]
+            key_id = case k
+                     when GPGME::Key
+                       # assuming this is already imported
+                       k.fingerprint
+                     when nil, ''
+                       # nothing
+                       nil
+                     when /-----BEGIN PGP/
+                       # ASCII key data
+                       GPGME::Key.import(k).imports.map(&:fpr)
+                     else
+                       # key id or fingerprint
+                       k
+                     end
+            unless key_id.nil? || key_id.empty?
+              GPGME::Key.find(:public, key_id, :encrypt)
+            end
+          end.flatten.compact
+        elsif emails_or_shas_or_keys && (emails_or_shas_or_keys.size > 0)
+          # key lookup in keychain for all receivers
+          GPGME::Key.find :public, emails_or_shas_or_keys, :encrypt
+        else
+          # empty array given
+          []
+        end
+      end
+    end
+  end
+end

data/lib/schleuder/mail/gpg/inline_decrypted_message.rb

@@ -0,0 +1,82 @@
+require 'schleuder/mail/gpg/verified_part'
+
+# decryption of the so called 'PGP-Inline' message types
+# this is not a standard, so the implementation is based on the notes
+# here http://binblog.info/2008/03/12/know-your-pgp-implementation/
+# and on test messages generated with the Mozilla Enigmail OpenPGP
+# plugin https://www.enigmail.net
+module Mail
+  module Gpg
+    class InlineDecryptedMessage < Mail::Message
+
+      # options are:
+      #
+      # :verify: decrypt and verify
+      def self.setup(cipher_mail, options = {})
+        if cipher_mail.multipart?
+          self.new do
+            Mail::Gpg.copy_headers cipher_mail, self
+
+            # Drop the HTML-part of a multipart/alternative-message if it is
+            # inline-encrypted: that ciphertext is probably wrapped in HTML,
+            # which GnuPG chokes upon, so we would have to parse the HTML to
+            # handle the message-part properly.
+            # Also it's not clear how to handle the resulting plain-text: is
+            # it HTML or simple text?  That depends on the sending MUA and
+            # the original input.
+            # In summary, that's too much complications.
+            if cipher_mail.mime_type == 'multipart/alternative' &&
+                cipher_mail.html_part.present? &&
+                cipher_mail.html_part.body.decoded.include?('-----BEGIN PGP MESSAGE-----')
+              cipher_mail.parts.delete_if do |part|
+                part[:content_type].content_type == 'text/html'
+              end
+              # Set the content-type of the newly generated message to
+              # something less confusing.
+              content_type 'multipart/mixed'
+              # Leave a marker for other code.
+              header['X-MailGpg-Deleted-Html-Part'] = 'true'
+            end
+
+            cipher_mail.parts.each do |part|
+              p = VerifiedPart.new do |p|
+                if part.has_content_type? && /application\/(?:octet-stream|pgp-encrypted)/ =~ part.mime_type
+                  # encrypted attachment, we set the content_type to the generic 'application/octet-stream'
+                  # and remove the .pgp/gpg/asc from name/filename in header fields
+                  decrypted = GpgmeHelper.decrypt(part.decoded, options)
+                  p.verify_result decrypted.verify_result if options[:verify]
+                  p.content_type part.content_type.sub(/application\/(?:octet-stream|pgp-encrypted)/, 'application/octet-stream')
+                                     .sub(/name=(?:"')?(.*)\.(?:pgp|gpg|asc)(?:"')?/, 'name="\1"')
+                  p.content_disposition part.content_disposition.sub(/filename=(?:"')?(.*)\.(?:pgp|gpg|asc)(?:"')?/, 'filename="\1"')
+                  p.content_transfer_encoding Mail::Encodings::Base64
+                  p.body Mail::Encodings::Base64.encode(decrypted.to_s)
+                else
+                  body = part.body.decoded
+                  if body.include?('-----BEGIN PGP MESSAGE-----')
+                    decrypted = GpgmeHelper.decrypt(body, options)
+                    p.verify_result decrypted.verify_result if options[:verify]
+                    p.body decrypted.to_s
+                  else
+                    p.content_type part.content_type
+                    p.content_transfer_encoding part.content_transfer_encoding
+                    p.body part.body.to_s
+                  end
+                end
+              end
+              add_part p
+            end
+          end
+        else
+          decrypted = cipher_mail.body.empty? ? '' : GpgmeHelper.decrypt(cipher_mail.body.decoded, options)
+          self.new do
+            cipher_mail.header.fields.each do |field|
+              header[field.name] = field.value
+            end
+            body decrypted.to_s
+            verify_result decrypted.verify_result if options[:verify] && decrypted != ''
+          end
+        end
+      end
+    end
+  end
+end

data/lib/schleuder/mail/gpg/inline_signed_message.rb

@@ -0,0 +1,73 @@
+require 'schleuder/mail/gpg/verified_part'
+
+module Mail
+  module Gpg
+    class InlineSignedMessage < Mail::Message
+
+      def self.setup(signed_mail, options = {})
+        if signed_mail.multipart?
+          self.new do
+            global_verify_result = []
+            signed_mail.header.fields.each do |field|
+              header[field.name] = field.value
+            end
+            signed_mail.parts.each do |part|
+              if Mail::Gpg.signed_inline?(part)
+                signed_text = part.body.to_s
+                success, vr = GpgmeHelper.inline_verify(signed_text, options)
+                p = VerifiedPart.new(part)
+                if success
+                  p.body self.class.strip_inline_signature signed_text
+                end
+                p.verify_result vr
+                global_verify_result << vr
+                add_part p
+              else
+                add_part part
+              end
+            end
+            verify_result global_verify_result
+          end
+        else
+          self.new do
+            signed_mail.header.fields.each do |field|
+              header[field.name] = field.value
+            end
+            signed_text = signed_mail.body.to_s
+            success, vr = GpgmeHelper.inline_verify(signed_text, options)
+            if success
+              body self.class.strip_inline_signature signed_text
+            else
+              body signed_text
+            end
+            verify_result vr
+          end
+        end
+      end
+
+      END_SIGNED_TEXT = '-----END PGP SIGNED MESSAGE-----'
+      END_SIGNED_TEXT_RE = /^#{END_SIGNED_TEXT}\s*$/
+      INLINE_SIG_RE = Regexp.new('^-----BEGIN PGP SIGNATURE-----\s*$.*^-----END PGP SIGNATURE-----\s*$', Regexp::MULTILINE)
+      BEGIN_SIG_RE = /^(-----BEGIN PGP SIGNATURE-----)\s*$/
+
+
+      # utility method to remove inline signature and related pgp markers
+      def self.strip_inline_signature(signed_text)
+        if signed_text =~ INLINE_SIG_RE
+          signed_text = signed_text.dup
+          if signed_text !~ END_SIGNED_TEXT_RE
+            # insert the 'end of signed text' marker in case it is missing
+            signed_text = signed_text.gsub BEGIN_SIG_RE, "-----END PGP SIGNED MESSAGE-----\n\\1"
+          end
+          signed_text.gsub! INLINE_SIG_RE, ''
+          signed_text.strip!
+        end
+        # Strip possible inline-"headers" (e.g. "Hash: SHA256", or "Comment: something").
+        signed_text.gsub(/(.*^-----BEGIN PGP SIGNED MESSAGE-----\n)(.*?)^$(.+)/m, '\1\3')
+      end
+
+    end
+  end
+end
+
+

data/lib/schleuder/mail/gpg/mime_signed_message.rb

@@ -0,0 +1,28 @@
+require 'schleuder/mail/gpg/verified_part'
+
+module Mail
+  module Gpg
+    class MimeSignedMessage < Mail::Message
+
+      def self.setup(signed_mail, options = {})
+        content_part, signature = signed_mail.parts
+        success, vr = SignPart.verify_signature(content_part, signature, options)
+        self.new do
+          verify_result vr
+          signed_mail.header.fields.each do |field|
+            header[field.name] = field.value
+          end
+          content_part.header.fields.each do |field|
+            header[field.name] = field.value
+          end
+          if content_part.multipart?
+            content_part.parts.each{|part| add_part part}
+          else
+            body content_part.body.raw_source
+          end
+        end
+      end
+    end
+  end
+end
+

data/lib/schleuder/mail/gpg/missing_keys_error.rb

@@ -0,0 +1,6 @@
+module Mail
+  module Gpg
+    class MissingKeysError < StandardError
+    end
+  end
+end

data/lib/schleuder/mail/gpg/sign_part.rb

@@ -1,15 +1,26 @@
 module Mail
   module Gpg
     class SignPart < Mail::Part
-      # Copied verbatim from mail-gpg v.0.4.2. This code was changed in
-      # <https://github.com/jkraemer/mail-gpg/commit/5fded41ccee4a58f848a2f8e7bd53d11236f8984>,
-      # which breaks verifying some encapsulated (signed-then-encrypted)
-      # messages. See
-      # <https://github.com/jkraemer/mail-gpg/pull/40#issue-95776382> for
-      # details.
+
+      def initialize(cleartext_mail, options = {})
+        signature = GpgmeHelper.sign(cleartext_mail.encoded, options)
+        super() do
+          body signature.to_s
+          content_type "application/pgp-signature; name=\"signature.asc\""
+          content_disposition 'attachment; filename="signature.asc"'
+          content_description 'OpenPGP digital signature'
+        end
+      end
+
+      # true if all signatures are valid
+      def self.signature_valid?(plain_part, signature_part, options = {})
+        verify_signature(plain_part, signature_part, options)[0]
+      end
+
+      # will return [success(boolean), verify_result(as returned by gpgme)]
       def self.verify_signature(plain_part, signature_part, options = {})
         if !(signature_part.has_content_type? &&
-            ('application/pgp-signature' == signature_part.mime_type))
+             ('application/pgp-signature' == signature_part.mime_type))
           return false
         end
 
@@ -19,7 +30,7 @@ module Mail
           plaintext = [ plain_part.header.raw_source,
                         "\r\n\r\n",
                         plain_part.body.raw_source
-          ].join
+                      ].join
         else
           plaintext = plain_part.encoded
         end
@@ -30,4 +41,3 @@ module Mail
     end
   end
 end
-

data/lib/schleuder/mail/gpg/signed_part.rb

@@ -0,0 +1,37 @@
+require 'mail/part'
+require 'schleuder/mail/gpg/sign_part'
+
+module Mail
+  module Gpg
+
+    class SignedPart < Mail::Part
+
+      def self.build(cleartext_mail)
+        new do
+          if cleartext_mail.body.multipart?
+            if cleartext_mail.content_type =~ /^(multipart[^;]+)/
+              # preserve multipart/alternative etc
+              content_type $1
+            else
+              content_type 'multipart/mixed'
+            end
+            cleartext_mail.body.parts.each do |p|
+              add_part p
+            end
+          else
+            content_type cleartext_mail.content_type
+            body cleartext_mail.body.raw_source
+          end
+        end
+      end
+
+      def sign(options)
+        SignPart.new(self, options)
+      end
+
+
+    end
+
+
+  end
+end

data/lib/schleuder/mail/gpg/verified_part.rb

@@ -0,0 +1,10 @@
+require 'schleuder/mail/gpg/verify_result_attribute'
+
+module Mail
+  module Gpg
+    class VerifiedPart < Mail::Part
+      include VerifyResultAttribute
+    end
+  end
+end
+

data/lib/schleuder/mail/gpg/verify_result_attribute.rb

@@ -0,0 +1,32 @@
+module Mail
+  module Gpg
+    module VerifyResultAttribute
+
+      # the result of signature verification, as provided by GPGME
+      def verify_result(result = nil)
+        if result
+          self.verify_result = result
+        else
+          @verify_result
+        end
+      end
+
+      def verify_result=(result)
+        @verify_result = result
+      end
+
+      # checks validity of signatures (true / false)
+      def signature_valid?
+        sigs = self.signatures
+        sigs.any? && sigs.all?{|s| s.valid?}
+      end
+
+      # list of all signatures from verify_result
+      def signatures
+        [verify_result].flatten.compact.map do |vr|
+          vr.signatures
+        end.flatten.compact
+      end
+    end
+  end
+end

data/lib/schleuder/mail/gpg/version_part.rb

@@ -0,0 +1,22 @@
+require 'mail/part'
+
+module Mail
+  module Gpg
+    class VersionPart < Mail::Part
+      VERSION_1 = 'Version: 1'
+      CONTENT_TYPE = 'application/pgp-encrypted'
+      CONTENT_DESC = 'PGP/MIME Versions Identification'
+    
+      def initialize(*args)
+        super
+        body VERSION_1
+        content_type CONTENT_TYPE
+        content_description CONTENT_DESC
+      end
+      
+      def self.is_version_part?(part)
+        part.mime_type == CONTENT_TYPE && part.body =~ /#{VERSION_1}/
+      end
+    end
+  end
+end